15 matches found
CVE-2026-6435
A flaw was found in rust-coreutils. A local attacker can exploit a Time-of-Check to Time-of-Use TOCTOU race condition in the chmod command when it traverses symbolic links. By manipulating file system objects between the permission check and the actual permission change, a malicious user can caus...
Security update for python-wheel
This update for python-wheel fixes the following issues: CVE-2026-24049: Fixed absent path sanitization can cause arbitrary file permission modification bsc1257100. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
...
EUVD-2025-38213
KubeVirt is a virtual machine management add-on for Kubernetes. In versions before 1.5.3 and 1.6.1, the virt-handler does not verify whether the launcher-sock is a symlink or a regular file. This oversight can be exploited, for example, to change the ownership of arbitrary files on the host node ...
EUVD-2018-13447
Malware in sbrugna...
EUVD-2007-0121
Malware in sbrugna...
PT-2025-3882 · Parallels · Parallels Desktop
Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target host...
SAMSUNG Magician PC Software 安全漏洞
SAMSUNG Magician PC Software is an application from the South Korean company Samsung SAMSUNG. Designed to help manage Samsung SSDs. A security vulnerability exists in SAMSUNG Magician PC Software version 8.0.0. An attacker can escalate privileges by writing with arbitrary file permissions...
SUSE CVE-2018-15687
A race condition in chownone of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239...
CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation
Exploit Title: CheckPoint Endpoint Security Client/ZoneAlarm 15.4.062.17802 - Privilege Escalation Date: 2019-01-30 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.checkpoint.com/ Version: Check Point Endpoint Security VPN = E80.87 Build 986009514 Version: Check Point ZoneAlarm =...
CVE-2014-1272
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink...
CVE-2013-1423
1 contrib/gforge-3.0-cronjobs.patch, 2 cronjobs/homedirs.php, 3 deb-specific/fileforge.pl, 4 deb-specific/groupdumpupdate.pl, 5 deb-specific/sshdumpupdate.pl, 6 deb-specific/userdumpupdate.pl, 7 plugins/scmbzr/common/BzrPlugin.class.php, 8 plugins/scmcvs/common/CVSPlugin.class.php, 9...
CVE-2007-1227
VShieldCheck in McAfee VirusScan for Mac Virex before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands...
FreeBSD 4.x NetBSD 1.4.x1.5.x1.6 OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition
FreeBSD 4.x NetBSD 1.4.x1.5.x1.6 OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition source: https://www.securityfocus.com/bid/5355/info A vulnerability has been reported in some versions of the pppd daemon included with multiple BSD distributions. A race condition error in the...
FreeBSD 4.x / NetBSD 1.4.x/1.5.x/1.6 / OpenBSD 3 - pppd Arbitrary File Permission Modification Race Condition
source: https://www.securityfocus.com/bid/5355/info A vulnerability has been reported in some versions of the pppd daemon included with multiple BSD distributions. A race condition error in the code may result in the pppd process changing the file permissions on an arbitrary system file. pppd wil...